In your previous mail you wrote:

> >> I believe 5966bis already addresses your first point quite clearly.
> >> (note: first point is to make TCP support mandatory)
> >>
> >> For example, it says:
> >>
> >>    This document therefore updates the core DNS protocol specifications
> >>    such that support for TCP is henceforth a REQUIRED part of a full DNS
> >>    protocol implementation.
> >
> > => but has this statement got a consensus? If it is the case
> > of course there is no reason to write twice the same thing.
>
> because of the installed base, i think we should say RECOMMENDED rather
> than REQUIRED. we cannot reasonably redefine existing working systems as
> unfit for duty. note, i do not know if we have consensus on this general
> approach, nor do i know whether the strength of that consensus would be
> higher for RECOMMENDED than for REQUIRED. however, i do know that i
> would lodge an objection if the REQUIRED form were to reach consensus. i
> realize that this language is already in RFC 5966 (August 2010), so,
> that document was a protocol change not a clarification.

=> this raises again the 2 non-technical points (DNSOP or not, 5966bis
or not) and adds a choice:
 - don't change the TCP requirement
 - make TCP RECOMMENDED
 - make TCP REQUIRED

IMHO to not change the TCP requirement (which is today a MAY for
deployment on clients and servers) will be very irresponsible because
we push DNS over TCP at many places:
 - long responses for IPv6 and/or DNSSEC
 - response rate limitation
 - privacy (how to talk about TLS if TCP doesn't work? :-)
 - even no answer (cf QTYPE=ANY messages)
so as we add every day a new reason to switch to a TCP transport it is
time to make it work everywhere in the real world.

Now between RECOMMENDED and REQUIRED there is no real case where
someone can justify not following the RECOMMENDED, and if today the
lack of TCP doesn't break too many things (i.e., it can be considered
as an inconvenience) it could be no longer the case tomorrow.
So I am in favor of a REQUIRED but as you wrote the fight won't be
on the requirement level but more on the requirement idea itself.

About the 5966[bis] text in the introduction:

   Most DNS [RFC1034] transactions take place over UDP [RFC0768]. TCP
   [RFC0793] is always used for full zone transfers (AXFR) and is often
   used for messages whose sizes exceed the DNS protocol's original
   512-byte limit.

This text is clearly outdated. And:

   Whilst this document makes no specific requirements for operators of
   DNS servers to meet, ...

This must be changed and not only for servers. If it can't be done in
DNSOP it has to be done at another place (intarea itself?).

Thanks

francis.dup...@fdupont.fr